Short Takes: Common Terminal Services Questions

For some reason, I get quite a bit of mail from readers who have questions about terminal services . Assuming that many of you have the same questions, I’d like to share a few.

Q: Is there any reason why I should make the License Server a separate server from the terminal server?

A: I'd never suggest that you dedicate a server to licensing. Once clients have their per-seat licenses, that server won't get hit at all and will be left twiddling its thumbs. In purely Windows 2000 domains, the license server service must reside on a domain controller; in a workgroup or Windows NT 4.0 domain, the license server can be a member server—even the terminal server itself. However, in Win2K domains, it's not a good idea to make the terminal server a domain controller for performance reasons, so the license server should be somewhere other than on the terminal server in Win2K domains.

Q: Do we still need Terminal Server Client Access Licenses (TSCALs) if we use Citrix MetaFrame and our clients connect to the terminal server via the ICA protocol?

A: Yes, you do. The display protocol that clients use to connect to the terminal server doesn’t matter to licensing. Because clients are accessing a terminal server, you need a TSCAL.

Q: Can I avoid some of the Win2K Server Terminal Services licensing issues if all our clients run Win2K Professional?

A: Yes. Win2K Pro clients won't ever talk to the licensing server at all because they have built-in certificates. When a client attempts to log on to a Terminal Services server, the server asks for a license. If the client already has one (either built-in or from the license server), the server allows the connection. (Only when the client doesn't already have a valid license certificate does it talk to the license server.)

Q: Why is it that we can get updates for the RDP client but not for the server product (which would give us RDP5 features for Windows NT Server 4.0, Terminal Server Edition—TSE)?

A: Mark Aggar, technical marketing manager for terminal services at Microsoft, says that the architectural differences between TSE and Terminal Services in Application Server mode aren’t significant enough to make the two incompatible. (For example, the memory allocated to each session is less in Terminal Services than it was in TSE, which means that you can have more clients on the same server once you allow for Terminal Services' greater memory requirements—but changes to the memory management architecture don’t affect the way the server and client pass data back and forth.) Microsoft doesn't offer RDP5 capability as a TSE upgrade because that’s not the way the company wants to release the changes. The RDP changes were version upgrades, and Microsoft doesn’t make same-feature patches to previous versions of its OSs when it releases a new OS. If you want the enhanced capabilities without the next version of the OS, you can buy helper software from another vendor, such as Citrix or NCD. (NCD, which some of you might not know about, offers a good suite of RDP-based helper products for TSE and Terminal Services.) In short, you can buy improvements to TSE, but you can’t do it from Microsoft without buying a version upgrade.

Finally, in the last newsletter, I mistakenly implied that it's not possible to restore a license server to a server other than the machine on which it originally resided—in fact, disaster recovery might require you to do so. Chapter 16 of the "Windows 2000 Deployment Planning Guide" addresses this restoration issue. To back up the license server, back up the System State data and the Lserver directory (which, by default, is in \\winnt\system32\lserver) while the licensing service is running. Restoring to a server with the same SID restores all data, as noted earlier. Restoring to a server with a different SID restores a record of only the licenses already issued. Look in the event log’s System folder to get the number and type of licenses not restored, and call the Microsoft licensing clearinghouse to have the licenses reissued. In other words, you can’t restore the whole database to a different server without help from Microsoft—but you can restore it.

That should do for now. If you have more questions, go ahead and ask—you’re probably not the only one who wants to know.